Identity Manager - CBC Technologies

Jan 31, 2013

TridentHE


Identity and Access Management Overview


Chad Rabideau

Product Manager


AegisUSA Overview


Identity and Access Management in Higher Ed


TridentHE Overview


Q+A

Agenda


Founded in 2004


Broad experience across multiple identity platforms


Sun, Oracle, Shibboleth, Microsoft, and more


InCommon Affiliate Member



Launched new, open standards, enterprise class TridentHE IAM Suite in October 2010

The Leader in IAM for Education


Low total cost of ownership


Low support costs


Low risk


TridentHE


IAM Suite


Provisioning


Password Management


Self Service


Audit

Identity Manager


Single Sign-on


Federated/External SSO


Authentication and Authorization

Access Manager

The first open-standard, enterprise-class IAM software for the education community, delivering:


TridentHE

Customers




IAM Consulting

Customers

IAM in Higher Ed

Open

Secure

FERPA

Authorization

Compliance

Privacy

Ubiquitous

Immediate

Anonymity

Collaboration

Priorities


A Variety of Roles and User Requirements


Student Lifecycle Management


Faculty and Administration


Alumni


Business Partners


Organizational Complexity


Size, Systems, Applications, Geographic


Disbursement, Partnerships


Cost of Managing, Changing, and Scaling



Security Requirements


Protecting Identities, Protecting Resources


Governance - Regulatory Adherence


Audit, Reporting and Compliance


Addressing Future Goals


Growth in Services


Growth in Locations


Growth in Collaborative Relationships

Challenges

Where to start?

IAM Technology | SSO                       | Federated/External SSO                  | Identity Administration | Directory Services
---------------+---------------------------+-----------------------------------------+-------------------------+-------------------
Easy           | Internal SSO              | Single Partner Federation               | Password Management     | Whitepages
Moderate       | Coarse-Grained AuthZ      | InCommon Federation                     | Automated Provisioning  | Authentication
Advanced       | External AuthN (partners) | Multi-partner Federation (not InCommon) | Role Based Provisioning | Consolidation
More Advanced  | Fine-Grained AuthZ        | Federated AuthZ                         | Deprovisioning          | Delegation


Include People, Process, and Technology


Develop a Roadmap


Know where you are and where you want to be


Start small and build on success


Leverage open standards


Plan for on-going support and maintenance



Key Elements of an IAM program

Identity Manager


Provisioning


Password Sync and Management


Self Service


Reconciliation


Attestation


Delegated Admin


Reporting


Web Service based Integration API

Access Manager


Multi-Factor Authentication


Web Access control with RBAC


SSO and Federation


Centralized policy management


Delegated Admin


Reporting


Web Service Based Integration API



TridentHE

IAM Suite


Built from scratch without any legacy dependencies, leveraging well established design methodologies provided by frameworks:




Based on industry standards for SOA, Security, XML and Java


SOA architecture simplifies integration between systems


Functionality is exposed through extensive service interface that is WS-I compliant


Includes connectors and workflows designed specifically for higher education


Flexible licensing model specifically designed for higher education


Technology Advantages


Connectors


Directory (Microsoft AD, Microsoft AD-LDS, Sun DSEE, Oracle Internet Directory, 389, OpenLDAP, Novell eDirectory)


ERP (SunGard Banner, PeopleSoft, Datatel, Jenzabar, Kuali)


Portal (uPortal, Luminis, Liferay, MyCampus, SharePoint, PeopleSoft)


LMS (Blackboard, Moodle, Sakai)


Cloud/SaaS (Google Apps for Edu, Microsoft Live@edu, Microsoft BPOS)


RDBMS (Oracle, MySQL, Microsoft SQL Server, PostgreSQL, DB2)


Other (SPML, Web Services, Solaris, Linux, Windows, HP-UX, Lotus Notes)


TridentHE


Software Stack

Aegis IAM Architecture

[Architecture diagram. Labels: InCommon Federation and other Partners; End User Web Clients/Browser; Federated Apps; Aegis Access Manager; Federated SSO/SAML; Internal SSO/Agents; Existing Applications; AD, LDAP; LMS; Cloud Apps; Email; Authoritative Sources; HR; SIS; Alumni; Near-Real Time Sync; Aegis Identity Manager; Reconciliation Services; SOA Stack; Authorization Services; IAM Repository; Audit and Compliance; Identity Services; Identity Administration; SAML SSO; Web SSO; Connectors; SSO; Identity Self Service; Account Claim; Self Service]


Low cost shrink wrapped identity solutions


Addresses “Low Hanging Fruit” identity problems


Quick wins for customer identity initiatives


ROI


Visibility


Build momentum


Energize team


Enlighten pessimists, defuse cynics


Validate architecture/platform


Minimize professional services required to go live


Provide managed services for on-going operations and maintenance


Bundled hardware, software, and professional services into a single package with a single vendor to rely on for support and maintenance


Trident Identity Appliances


Self-Contained Identity Provider (IdP) for InCommon


Plug and Play with existing IAM infrastructure (AD, LDAP, etc)


Multi-factor AuthN


Pre-built SSO templates


Integration with Portals, Email, SIS, and more


Automatically manage accounts at Google, Microsoft Live@edu, and others


Allow for sponsored/guest account creation


Self Service Password Portal


Works across the environment: on premises and in the cloud


Higher-ed specific connectors

Password Management

Cloud Identity Provisioning

Federated Identity

Single Sign-on

Trident Appliance Solutions

Appliance Architecture


For more information:


www.aegisusa.com


Contact


Chad Rabideau (chad.rabideau@aegisusa.net)


Thank You